Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort - VPN - P2P-ruleset

    pfSense Packages
    2
    2
    1117
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest
      last edited by

      Hi everybody!

      I experienced with pfSense 2.1 and snort (different versions installed since NOV-2013) an issue with VPN tunnels (from pfSense to pfSense, a total of 3 appliances).  After 2-3 min of heavy load (ftp, samba) on the tunnel (IPsec or openVPN, doesn't matter which), the connection broke and the tunnel was gone.

      I tried several things, changed tunnel from initial IPsec to openVPN etc. pp. but finally and in the end I found that the tunnels were killed by funny little snort, P2P ruleset, several rules around eMule. After turning off this ruleset, the tunnels work fine and never ever again broke under load.

      Has anybody else experienced this before or has an explanation for this bug/feature?

      Kind regards!

      1 Reply Last reply Reply Quote 0
      • X
        xternal
        last edited by

        Yep, happened to me. Well the vpn wasn't blocked because I have the remote host added to the $home_net, but it was triggering an alert.

        1:2003310 ET P2P Edonkey Publicize File

        1 Reply Last reply Reply Quote 0
        • First post
          Last post